Hi,
my network has been constantly under heavy intrusion
recently and is giving me a big headache.
My firewalls reported possible intrusiong via
ipoptions.
it reported the protocol used as 54 ( not TCP or UDP )
and without any source port.
Could it be a diagnostic program running IP options ?
What are the possibilties and dangers ?
There is also spoofing attempt by using fake ips e.g. 192.168.0.x
protocol used is udp and source port is 137 ( a.k.a. nbname )
going to destination port 137.
How is this possible, though I'm using NAT within my network
inside the internal interface of my firewall.
But the spoofing is coming from the exteranl firewall interface.
Last but not the least, I have probing as well.
In some cases of probing and ip options, I have the ip address
of the perpetrator.
What should I do ?
Any advice will be most appreciated.
TIA.
Best Regards,
Simon
Network Administrator
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
